What's new this week in the news for MSPs? Amazon releases its new application for Windows migrations, Microsoft buys corp.com, a PSA on fake Zoom installers, and phishing scammers are impersonating some prominent government officials. Let's see what's going on.
AWS Starts Its Windows Migration Accelerator Application
Amazon Web Services first launched a preview of its new application, Migration Acceleration for Windows Program (AWS MAP), in December 2019 at AWS re:Invent. This week they have released it for general availability. It is a service designed to assist customers in handling large-scale migrations of Windows-based workloads to AWS. To reduce the risks associated with switching to the cloud, Amazon has included access to services like prescriptive guidance, consulting with AWS experts and tools, training, and service credits.
It can also help customers reduce their licensing costs through the adoption of cloud-native and open-source technologies. After an assessment that checks for migration readiness, the next step aims to fix any problems identified. Finally, with the help of Amazon's ProServe team and Amazon Partner Network companies, it carries out the actual migration.
Corp.com Bought by Microsoft to Stop Windows Account Hijacking
To prevent its use by scammers stealing Windows credentials, monitoring customer traffic, or serving malicious files, Microsoft has purchased the corp.com domain. It was previously held by internet domain name investor Mike O'Connor, who owned it for the past 26 years and had always been hesitant to sell it.
Historically, Microsoft recommended that companies use “CORP” as the name of their Active Directory when configuring their Windows network. Since the Internet and DNS are now more integrated with Windows network domains, those using “CORP” for Active Directory could run into DNS issues due to name collisions with the real corp.com domain on the Internet. If malicious actors controlled the corp.com Internet domain, it would likely permit them to distribute infected files or malware, or even misappropriate Windows user credentials. Affected Windows machines would send user accounts and hashed passwords to that server when they try to access network shares, leaving those credentials exposed.
Microsoft now advises that you should own any domain you intend to use for your Active Directory Services on a Windows network, to stop any DNS name collisions.
PSA: Zoom Installer Impersonators Distributing Malware
With Zoom videoconferencing services growing in popularity, attackers are making use of it to distribute installers packaged with malware applications. Social distancing and remote working have led to people spending more time inside, using Zoom services for meetings, classes, and virtual hangouts.
Taking advantage of this trend, threat actors are distributing Zoom client software packaged together with malware like coin miners, remote access trojans, and adware bundles.
Most recently, Trend Micro found a Zoom installer that drops a cryptocurrency miner on the victim's computer. According to Trend Micro, "We found a Coinminer bundled with the legitimate installer of video conferencing app Zoom, luring users who want to install the software but end up unwittingly downloading a malicious file." This malware tries to use your GPU and CPU to mine the Monero cryptocurrency and may harm your PC's hardware by slowing the computer down and possibly causing it to overheat.
Phishing Scammers Impersonating the White House and Vice President Pence
That email in your inbox may not be from who you think. Phishing scammers have emailed potential victims while posing as the White House on behalf of President Trump, and in other cases as Vice President Pence. These emails come with a payload that distributes malware or performs extortion scams.
The email security firm Inky found and reported this phishing scam being perpetrated by threat actors purporting to be from the White House, sending out coronavirus guidelines on behalf of President Trump.
The emails claim to contain the latest "Coronavirus Guidelines for America," and then prompt the victim to click on a hyperlink to download a document. A spoofed White House web page then loads in their browser, containing a hyperlink to "Download and read the full document." Finally, it asks the victim to download a malicious Word document that prompts them to “Enable Editing” and “Enable Content” to view it. Doing so lets the document's malicious code launch an attack on the victim's computer.
Another phishing scam purports to be from Vice President Pence. In it, the “politician” claims to have just come out of a security meeting about the recipient's company. This almost feels like an extortion scam.
That's a Wrap
That's the week in summary. I hope this overview has been helpful. MSP360 is your resource for MSP news. Stay safe and healthy, and check back next week for more highlights.